New Member

internet router configuration

Hi pros,

This is my internet router configuration, which is directly connected to the internet, and the other interface is connected to the firewall. Is this configuration sufficient against any attacks?

Please review this and post your suggestions.

Best regards

yogesh

3 REPLIES
Hall of Fame Super Blue

Re: internet router configuration

Hi

1) Access-list "Fortigate" is not applied to any interface. If it is meant to be applied to the outside interface, that is not such a good idea. Routers should route rather than do the function of a firewall, although there is some basic filtering you can do (see 3).

2) You don't show the config for vty access, but you should lock it down to who can access and, if possible, use SSH only.

3) Make sure you have done the standard router hardening, e.g. turn off small-services, no ip directed-broadcast etc.

4) You can do some basic filtering for networks in an access-list on the outside interface, e.g. RFC 1918 address space filtering. Attached is a link for more details.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml

HTH

Jon
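A small audit script for the four points in the reply above, added here as an illustration; it is not part of the thread or of Cisco's documentation. The config text is constructed, the ACL name OUTSIDE-IN and the finding labels are assumptions, only named ACLs are handled, and any inbound ACL is assumed to face the internet.

```python
import re
# Constructed sample config, not the poster's; only the ACL name "Fortigate" is from the thread.
SAMPLE = """\
service tcp-small-servers
ip access-list extended Fortigate
 permit ip any any
ip access-list extended OUTSIDE-IN
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 permit ip any any
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
 ip directed-broadcast
line vty 0 4
 transport input telnet ssh
"""
RFC1918 = ("10.0.0.0 0.255.255.255", "172.16.0.0 0.15.255.255", "192.168.0.0 0.0.255.255")

def sections(config):
    # Map each unindented command to the indented lines beneath it.
    out, head = {}, None
    for line in config.splitlines():
        if line.strip() and not line.startswith(" "):
            head = line.strip()
            out[head] = []
        elif head and line.strip():
            out[head].append(line.strip())
    return out

def audit(config):
    sec, found = sections(config), []
    acls = {h.split()[-1]: b for h, b in sec.items() if h.startswith("ip access-list ")}
    bound = re.findall(r"^ ip access-group (\S+) (in|out)", config, re.M)
    # 1) ACLs defined but never bound to an interface
    found += [f"acl-unapplied:{n}" for n in acls if n not in {b[0] for b in bound}]
    # 2) vty lines need an access-class and SSH as the only transport
    for body in (b for h, b in sec.items() if h.startswith("line vty")):
        if not any(c.startswith("access-class ") for c in body):
            found.append("vty-no-access-class")
        if "transport input ssh" not in body:
            found.append("vty-not-ssh-only")
    # 3) legacy services, flagged only when explicitly enabled ("no ..." lines do not match)
    legacy = {"small-servers-enabled": r"^service (tcp|udp)-small-servers",
              "directed-broadcast-enabled": r"^ ip directed-broadcast"}
    found += [tag for tag, pat in legacy.items() if re.search(pat, config, re.M)]
    # 4) inbound ACLs (assumed internet-facing) lacking an RFC 1918 source deny
    for n in [b[0] for b in bound if b[1] == "in" and b[0] in acls]:
        found += [f"rfc1918-missing:{n}:{r.split()[0]}" for r in RFC1918
                  if f"deny ip {r} any" not in acls[n]]
    return found
```

Calling `audit(SAMPLE)` returns one label per gap; an empty list means none of the four checks fired, not that the router is fully hardened.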

New Member

Re: internet router configuration

Hi,

Thanks for the reply.

I don't have my routers and switches in any domain, and for SSH that is the first requirement. Can I put my routers and switches in a domain one by one without disturbing my network?

Hall of Fame Super Blue

Re: internet router configuration

Hi

I have never done it, but I think you should be okay configuring a domain name on your switches/routers without any adverse effects on the network.

FYI, attached is another doc that covers basic router security

http://www.cisco.com/warp/public/707/21.html

Jon
